Apache mod_rewrite or general conf. problem with long URLs with special chars

Hi,
The Subject is too long but tried to attrach professionals with
subject too.

Here is the problem:
We're using Apache 2.2.6 on windows and 2.2.2 on Linux System for a
Reverse Proxy Scenario.

Here is the configuration details:



ServerName external.company.com
DocumentRoot "d:/www/EN"

ProxyPreserveHost On
ProxyVia On
RewriteEngine On
RewriteLog "logs/EP_rewrite.80.error.log"
RewriteLogLevel 0
RewriteRule ^/tedarikportali/(.*) http://10.0.0.1:8080/tedarikportali/$1
[P]
RewriteRule ^/temsaportali/(.*) http://10.0.0.1:8080/temsaportali/$1
[P]
RewriteRule ^/irj/(.*) http://internalhost.company.com:50000/irj/$1
[P]
RewriteRule ^/logon/(.*) http://internalhost.company.com:50000/logon/$1
[P]
RewriteRule ^/webdynpro/(.*) http://internalhost.company.com:50000/webdynpro/$1
[P]
RewriteRule ^/AdobeDocumentServices/(.*)
http://internalhost.company.com:50000/AdobeDocumentServices/ $1 [P]
RewriteRule ^/TemsaPM/(.*) http://internalhost.company.com:50000/TemsaPM/$1
[P]
RewriteRule ^/temsabulletin/(.*) http://internalhost.company.com:50000/temsabulletin/$1
[P]
RewriteRule ^/ContentServer/(.*) http://10.0.0.2:1090/ContentServer/$1
[P]
RewriteRule ^/sap/(.*) http://internalhost2.company.com:8000/sap/$1
[P]
# ErrorLog logs/EP.80.error.log
# CustomLog logs/EP.80.custom.log common


Problem is, when we tried o access the system from internet with
domain external.company.com and call long URLs with more than 17 Chars
and with special chars (like [ or ] chars), it throws error.
On Apache Side, no error is written within log files. But Browser
throws a "The Domain Name Server (DNS) is not reachable." error.

We've tested this scenario with the following sample URLs:
http://external.company.com/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA] --
> Throws error
http://online1.temsa.com.tr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA -->
Gives a "Object Not found error and this is normal"

Not sure if this is a Apache Problem or a Browser problem

Re: Apache mod_rewrite or general conf. problem with long URLs with special chars

"hbilgen" schreef in bericht
news:1193150088.082770.44130@e34g2000pro.googlegroups.com...

> Problem is, when we tried o access the system from internet with
> domain external.company.com and call long URLs with more than 17 Chars
> and with special chars (like [ or ] chars), it throws error.
Some of those characters may cause havoc on Windows: not allowed in file and
folder names.
Some characters are encoded by the browser (urlencoding of an [ into %5B and
may need special care at scripts at the server

> On Apache Side, no error is written within log files. But Browser
> throws a "The Domain Name Server (DNS) is not reachable." error.
If a browser cannot find the address of a server, the server does not
receive a request, without a request no chance an error is logged.

Accessive urlencoding at a serverside script may have served a link like
http://external%2Ecompany%2Ecom/. The browser will not decode those and a
DNS-lookuop is using the %2E literrally and fails.

BTW to avoid clue less reports, do not use IE.


> We've tested this scenario with the following sample URLs:
> http://external.company.com/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA] --
>> Throws error
> http://online1.temsa.com.tr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA -->
> Gives a "Object Not found error and this is normal"
>
> Not sure if this is a Apache Problem or a Browser problem
It seems mostly a server side problem to me, but hardly related to
mod_rewrite

Be aware the size of among others an URL is limited
http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestl ine

HansH

Re: Apache mod_rewrite or general conf. problem with long URLs with special chars

On 24 Ekim, 01:22, "HansH" wrote:
> "hbilgen" schreef in berichtnews:1193150088.082770.44130@e34g2000pro.googlegroups .com...
>
> > Problem is, when we tried o access the system from internet with
> > domain external.company.com and call long URLs with more than 17 Chars
> > and with special chars (like [ or ] chars), it throws error.
>
> Some of those characters may cause havoc on Windows: not allowed in file and
> folder names.
> Some characters are encoded by the browser (urlencoding of an [ into %5B and
> may need special care at scripts at the server
>
> > On Apache Side, no error is written within log files. But Browser
> > throws a "The Domain Name Server (DNS) is not reachable." error.
>
> If a browser cannot find the address of a server, the server does not
> receive a request, without a request no chance an error is logged.
>
> Accessive urlencoding at a serverside script may have served a link likehttp://external%2Ecompany%2Ecom/. The browser will not decode those and a
> DNS-lookuop is using the %2E literrally and fails.
>
> BTW to avoid clue less reports, do not use IE.
>
> > We've tested this scenario with the following sample URLs:
> >http://external.company.com/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAA] --
> >> Throws error
> >http://online1.temsa.com.tr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAA-->
> > Gives a "Object Not found error and this is normal"
>
> > Not sure if this is a Apache Problem or a Browser problem
>
> It seems mostly a server side problem to me, but hardly related to
> mod_rewrite
>
> Be aware the size of among others an URL is limitedhttp://httpd.apache.org/docs/2.2/mod/core.html#limitr equestline
>
> HansH

Hi Hans,

Thanx for your interest and helpful answers.
Here is what I found:

The Apache Proxy Server is running on a SuSe Linux version 10. I've
another customer who runs Apache on a Fedora Linux System. The System
which runs on Fedora gives 404 Error when I call it via an URL like
above. But the system which runs on SuSe returns a DNS error.
Here you can test it also :

http://online1.temsa.com.tr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAB]
>> gives a DNS error

http://bayiportal.ipragaz.com.tr/AAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAB]
>> gives 404 error

Have you any idea?

Re: Apache mod_rewrite or general conf. problem with long URLs with special chars

"hbilgen" schreef in bericht
news:1194094148.386914.171930@50g2000hsm.googlegroups.com...
>> BTW to avoid clue less reports, do not use IE.
>>
>> > We've tested this scenario with the following sample URLs:
>> >http://external.company.com/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAA] --
>> >> Throws error
>> >http://online1.temsa.com.tr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAA-->
>> > Gives a "Object Not found error and this is normal"
>>
>> > Not sure if this is a Apache Problem or a Browser problem
>>
>> It seems mostly a server side problem to me, but hardly related to
>> mod_rewrite
>>
>> Be aware the size of among others an URL is
>> limitedhttp://httpd.apache.org/docs/2.2/mod/core.html#limitr equestline
>>
> The Apache Proxy Server is running on a SuSe Linux version 10. I've
> another customer who runs Apache on a Fedora Linux System. The System
> which runs on Fedora gives 404 Error when I call it via an URL like
> above. But the system which runs on SuSe returns a DNS error.
> Here you can test it also :
>
> http://online1.temsa.com.tr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAB]
>>> gives a DNS error
No DNS error seen here

:/etc/apache2$ GET -Sue
"http://online1.temsa.com.tr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAB]"
GET http://online1.temsa.com.tr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAB]
GET http://online1.temsa.com.tr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAB]
--> 500 Server closed connection without sending any data back
Content-Type: text/plain
Client-Date: Sat, 03 Nov 2007 13:10:19 GMT
Client-Warning: Internal response

500 Server closed connection without sending any data back

Did you notice
http://online1.temsa.com.tr/abcdefghijklmnopqrstuvw.xyz?test [0]=1
http://online1.temsa.com.tr/abcdefghijklmnopqrstuv]w.xyz?tes t[0]=1
http://online1.temsa.com.tr/AAAAAAA%41AAAAAAAA]
http://online1.temsa.com.tr/aaaaaaaabaaaaaaaaaaaaaaaa]
http://online1.temsa.com.tr/aaaaaaaaaaaaaa%61%61aaa]
each giving a decent 404?!

The connection apparently is terminated if the url contains a series of over
16 identical alphabetical characters AND an urlencoded non-readable entity
(per example {}[]|\) ... The results for encoded readable characters
breaking a series is kind of fuzzy.

> http://bayiportal.ipragaz.com.tr/AAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAB]
>>> gives 404 error
>
> Have you any idea?
I'ld say there's a odd, near paranoid url-checker (part of firewall) upfront
of online1.temsa.com.tr kicking [your] ass.
Might be part of the hoster's (good) plan against dDoS; consider yourself
lucky not to be banned to visit by now ;-)


HansH